A file I/O error occurred while accessing - Vmware converter V2V

Kenya.JPG

So this morning, I was trying to convert a virtual machine running on a Hyper-V host on a different domain to another using the Vmware converter tool. The destination was to the Vmware 5.5 cluster. I had installed the vmware converter on the Hyper-V machine and ran through the initial setup and clicked on the finish button. When I did that after a while I got an error "A file I/O error occurred while accessing". After looking around for a while I realized that from my source machine I cannot ping the FQDN of my Vcenter server and the destination host that I am trying to migrate this virtual machine to, even though I can ping the IP's the DNS names cannot be pinged.

So it was pretty straight forward from this point, I opened by the local hosts file, on the source server and made some manual entries to the vcenter server and the destination vmware host. After I did that I re-ran my conversion tool and this time it worked! (I hope you know how to get the local host file on a server to make manual entries, if you don't then drop me a comment and I shall respond back!)

-Alstar

Unable to bring the MSDTC resource online in a windows failover cluster - 0x3eb cluster resource

This morning, I had created my new Windows 2016 failover cluster and when I was trying tp create my MSDTC resource or for that matter any resource, I was unable to bring it online and it was failing at the network name bit. The disks were alright and were shared between the hosts but the resource just wouldn't come online!

After digging around, I figured out that my CNO (Cluster network object) did not have the "Create computer objects" permission, on the OU it was trying to create my MSDTC object. So all I had to do was go to the properties of my OU, which the objects was trying to be created and right click --> properties

1.JPG

On the next dialog box, go to the security tab and click the Advance button

2.JPG

Then click Add

3.JPG

Then click the "Select a principal" option

4.JPG

Here put the CNO name of your windows failover cluster, mine was ALSTAR$ and hit OK

5.JPG

In the permissions windows, make sure the "Create Computer Objects" permission is granted to the CNO and click OK.

6.JPG
7.JPG

Once this is done, try and bring your MSDTC resource online and hopefully it should come online without any issues!

-Alstar

Fun with Powershell - Get the "managedby" property for a list of groups

If you ever wanted to get the managedby property for a bunch of groups in active directory, here is a small script which helps you achieve that.

Import-Module activedirectory
$groups = Get-ADGroup -filter * -SearchBase "OU=Distribution Groups,OU=Groups,OU=Common,OU=IN,OU=AC,DC=contoso,DC=com" | select samaccountname
$groups | Export-Csv -Path "C:\powershell\Scripts\DL Managers\groups.csv"
$content = Get-Content -Path "C:\powershell\Scripts\DL Managers\groups.txt"
$valid = @()


foreach ($group in $content)
{

$grp = Get-ADGroup -Identity $group -Properties * | select Name,samaccountname,ManagedBy | sort ManagedBy
$valid+= $grp

$valid | export-csv -Path 'C:\powershell\Scripts\DL Managers\managers.csv' -NoTypeInformation -UseCulture

}

-Alstar

A user GPO does not process with security filtering applied

In case you have decided to apply a user group policy object based on security filtering such as a security group, you may notice that the user's in the security group that are the members do not get that policy applied. Here is a quick tip that you might need to check.

Make sure under the Delegation tab of that particular group policy object "Authenticated Users" have READ permissions, because when you remove this group from the Security Filtering section and add the desired security group, the behavior of the policy object changes and for the users to read this policy, you need to give them read access under the delegation tab by adding in the "Authenticated Users" group!

-Alstar

A request to allocate an ephemeral port number from the global TCP port space has failed due to all such ports being in use.

This particular issue made my life miserable for over a 2 week period and affected 3 of my backup servers! So what would happen is that, randomly some of my backup servers would somehow lose connection and drop of the network. I mean they would still be pingable and online however when I would try to login, I would get a "No logon servers available" message and at that point the only way to fix this was to restart the server! This made my backups to fail as well. I have like over 50 Tb to backup on each of my locations and because of this issue they would never complete. So after digging around I found a couple of warning messages in my System log as you see below.

tcp1.JPG

So looks like my backup servers were getting their TCP connections exhausted and hence would drop connections to the DC and the general connectivity was affected as well.

Resolution

  • I opened up my iSCSI initiator on the server and noticed a redundant LUN stuck in a reconnecting state. I had introduced a lun from my Netapp to this server to act as a D drive, on which I have my Netbackup installation. So  I removed that reconnecting lun from the iSCSI window as it was no longer needed and also removed it from my Favorite targets window within the iSCSI initiator window.
  • After that just to be safe I modified some registry entries as well to increase the TCP buffer, I dont think his was necessary after I fix the reconnecting LUN in the iSCSI initiator but I was fed up with my backups not completing so I put these keys in anyways.

Go to HKLM\System\CurrentControlSet\Services\Tcpip\Parameters and under that make 4 DWORD vaules as you see below and restart the server!

Once you do this, hopefully the server will no longer lose the TCP connection and you will not get the "No Logon Server Available" message when you try to logon.  I believe this was an affect of a Microsoft patch that was released recently as I have read this online. I am sure what the patch was or the number though.

Hope this helps!

-Alstar